Can't check signature, DSA key 9C973C92 requires a 256 bit or larger hash

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Mar 17 15:39:58 CET 2014


On 03/15/2014 03:53 PM, Juha Heljoranta wrote:

> I am not able to get the gpg to verify a signature.
> 
> Any advice how to fix this?
> Or could the key 9C973C92 be invalid/broken?
> 
> 
> $ mkdir -m 700 newgnupg
> $ echo foo > zinc-0.2.0.jar
> $ wget http://repo1.maven.org/maven2/com/typesafe/zinc/zinc/0.2.0/zinc-0.2.0.jar.asc

This is a signature ostensibly made by a 2048-bit DSA key, made over an
SHA-1 digest.  DSA keys larger than 1024-bits should generally make
signatures over stronger digests than SHA-1.

See section 4.2 of FIPS-186-4
http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf for similar
guidance.

Perhaps the folks who publish zinc need to --enable-dsa2, or to remove
any mistaken "digest-algo sha1" from their signing routines?  You could
point them at this thread in the gnupg-users archives if you think it
would be useful.

That said gpg seems to still accept signatures made by even stronger RSA
keys over SHA-1.  And it even accepts (with a warning) signatures by
stronger RSA keys over MD5, which is even weaker than SHA1.

So gpg's behavior seems to be non-uniform here.  That said, i'd love to
be able to tell gpg to ignore or explicitly reject signatures made by
strong keys with MD5 digests.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140317/0e1f6be7/attachment.sig>


More information about the Gnupg-users mailing list